New report suggests threat actors are selling PII and PHI from healthcare institutions for under $2000

• Much of the advertisements for stolen databases were posted months or years after the breach was announced.
• Chinese APT groups are the biggest threat for medical institutions.

Healthcare organizations are the most targeted sector as they contain a vast amount of sensitive information related to patients. Given the wide use of outdated or unsupported systems in a majority of hospitals, diagnostic centers , and healthcare insurance providers , it has become an easy task for hackers to gain access to valuable patient records.

A new study conducted by FireEye has revealed that malicious actors are selling the databases containing this valuable data for prices under $2000 on underground forums.

What data do these databases contain?

In extensive research performed by researchers at FireEye between October 1, 2018, and March 31, 2019, it has been found that much of these advertisements for stolen databases were posted months or years after the breach was announced.

The compromised databases - which could be bought for under $2000 - contained personally identifiable information (PII) and protected health information (PHI) such as patients’ ZIP codes, email addresses, driver’s licenses , and health insurance details. This sensitive data is associated with healthcare institutions in the US, the UK, Canada, Australia , and India. The starting price of the stolen data was set at $200.

Other dangers

Apart from selling stolen data from healthcare organizations, cybercriminals also often sell illicit access to these organizations in underground markets.

Researchers noted that, “This access can enable other actors to perform a post-exploitation activity such as obtaining and exfiltrating sensitive information, infecting other devices in the compromised network, or using connections and information in the compromised network to exploit trust relationships between the targeted organizations and other entities to compromise additional networks.”

New cyberespionage threats

Chinese APT groups are the biggest threat for medical institutions. The threat actors have been found a special mention in the report for mining data linked to cancer research.

“In early April 2019, suspected Chinese cyber espionage actors targeted a U.S.-based health center—with a strong focus on cancer research—with EVILNUGGET malware. One of the lure documents references a conference hosted by the targeted organization. In alignment with a trend we continue to witness affecting healthcare, this same organization has been targeted by multiple Chinese threat actors in the past,” said the report.

It is believed that targeting medical research and data from such studies may enable Chinese corporations to bring new drugs to market faster than Western competitors.

The bottom line

With the increasing number of biomedical devices used for critical functions, hospitals , and healthcare providers present a growing security challenge. These biomedical devices can be used as potential channels to deploy destructive malware. In addition, given the trove of sensitive data held by the organizations, healthcare breaches , and compromises can have far-reaching consequences for consumers.